Storage encryption through LUKS


License
MIT
Install
pip install fastluks==0.0.25

Documentation

fastluks

Python scripts for storage encryption through LUKS. Converted into a python package from fast-luks and luksctl

For this package to work properly, both the installation and usage procedure must be run as superuser either in an Ubuntu or CentOS machine.

Installation

The procedure to setup a virtual environment and install the package on CentOS is the following:

yum install -y python3
python3 -m venv venv
. venv/bin/activate
pip install fastluks

To do the same on Ubuntu:

apt-get update
apt-get install -y python3 python3-pip python3-venv
python3 -m venv venv
. venv/bin/activate
pip install fastluks

Usage: fastluks

To perform encryption and volume setup with default parameters, the fastluks command can be used inside the virtual environment:

fastluks

The encryption passphrase can be stored locally and/or on Hashicorp Vault.

  • To store the passphrase locally:
fastluks --save-passphrase-locally
  • To store the passphrase on Vault, the flag --vault must be used with the required arguments specified:
fastluks --vault --vault-url url --wrapping-token token --secret-path path --user-key key

Usage: luksctl

In order to manage a volume encrypted with fastluks, the command luksctl can be used from the command line:

# Display volume status
luksctl status

# Open encrypted volume
luksctl open

# Close encrypted volume
luksctl close